Skip to main content

Marriott asking guests for data to see if they were victims of the Starwood hack

Marriott is now offering an easy way to confirm if your personal details were stolen in the massive Starwood hack that was revealed by the hotel giant in November 2018.

Guests who suspect their data may have been involved are being asked to fill out an online form, which will allow the company to make an accurate check. But the company is unable to say how long it will take to respond, saying only that it will reply “as soon as reasonably practicable and consistent with applicable law.”

Recommended Videos

Yes, it is rather ironic that you have to submit personal data to find out if your personal data was stolen. But if you feel you can still trust the company to handle your data in a secure manner, then the process has the potential to offer peace of mind about whether or not your details were caught up in the hack.

The damaging security breach, which was first reported in November last year, affected accounts that had used Starwood’s guest reservation database between 2014 and September 10, 2018.

The hack shocked many not only for its size, but also for the wide variety of data taken. The initial announcement suggested as many as 500 million guests were involved, with lifted information including a combination of name, address, date of birth, gender, phone number, email address, passport number, Starwood Preferred Guest account information, arrival and departure information, reservation date, and encrypted payment card numbers.

Having now removed duplicate records, Marriott announced in recent days that it’s been able to identify “approximately 383 million records as the upper boundary for the total number of guest records that were involved in the incident.”

It added that this doesn’t necessarily mean that 383 million unique guests were involved, “as in many instances, there appear to be multiple records for the same guest.”

What it can now say, with a fair degree of certainty, is that the stolen records included around 8.6 million unique payment card numbers, all of which were encrypted. Some 5.25 million unique unencrypted passport numbers and approximately 20.3 million encrypted passport numbers were also nabbed in the breach.

For the latest information on the hack, visit Marriott’s special webpage. Mention of the online form can be found at the top of the FAQs, under the question: “Was my information involved in the incident?”

Marriott acquired Starwood in September 2016 in a deal worth around $13.6 billion. Starwood brands include the likes of Le Meridien, Sheraton, St. Regis, Westin, and W Hotels, among others.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Hack involved the data of a nation’s entire population
A depiction of a hacker breaking into a system via the use of code.

Hackers are well known to nab customer data held by companies, but obtaining the personal data of pretty much all of the residents of a single nation in one fell swoop takes the nefarious practice to a whole new level.

The remarkable feat was allegedly performed by a 25-year-old Dutch hacker who, when arrested by police, had in his possession personal data linked to pretty much every resident of Austria -- about nine million people.

Read more
Hacking-as-a-service lets hackers steal your data for just $10
A depiction of a hacker breaking into a system via the use of code.

A new (and cheap) service that offers hackers a straightforward method to set up a base where they manage and perform their cyber crimes has been discovered -- and it’s gaining traction.

As reported by Bleeping Computer, security researchers unearthed a program called Dark Utilities, effectively providing a command and control (C2) center.

Read more
U.S. federal court system cyberattack is worse than previously thought
A large monitor displaying a security hacking breach warning.

A cyberattack incident that involved the U.S. federal court system infrastructure has been proven to be an “incredibly significant and sophisticated” attack.

This statement is a stark difference from the one initially provided when the situation occurred in 2020.

Read more